Re: Administrator Can't log into a DC unless the DC can see a GC

I believe that you have misunderstood this article. This has nothing to do
with an admin being denied access to a resource because a GC is unavailable.
This provides a situation where none admins can gain access to the network
after they have established access and then the GC is temp unavailable.

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.



"Simon Geary" <simon_geary@xxxxxxxxxxx> wrote in message
news:e2$AWmIPFHA.3372@xxxxxxxxxxxxxxxxxxxxxxx
> By default, an administrator can log in without a GC present but this can
be
> changed via the registry so that even admins need a GC present. This is a
> security setting which another admin on your network probably enabled.
Have
> a read of this, it should help.
> http://support.microsoft.com/?id=241789
>
> "Darryl Paterson" <DarrylPaterson@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
> message news:C54D41F3-FD70-4E13-A21F-0E4B5CA5EDB7@xxxxxxxxxxxxxxxx
> > My forest has three tree's, and the tree I'm interested in has a single
> > domain and three DC's. Two are GC's and one (with RID and
Infrastructure)
> > is
> > not. As long as the non-GC server can see a GC server then I can use
the
> > administrator account and log in fine. If I pull the network cable out
of
> > the main network and plug it into a simple isolated hub and try and log
in
> > as
> > administrator it gives the cannot connect to a dc message. As soon as
the
> > network cable is plugged back into the main network it all logs in okay.
> > All
> > DC's are DNS servers, and all DC's point to themselves as the first DNS
> > server to look at.
> >
> > I haven't looked at any other tree in the forest at this time.
> >
> > As a quick test I set up a clean domain with GC's and non GC's. In the
> > clean environment if the non-gc box couldn't see a GC the administrator
> > could
> > still log in.
> >
> > All the servers in the forest are W2k SP4. Replication is fine
according
> > to
> > both Sonar and Ultrasound. Any thoughts anyone?
>
>


.

Relevant Pages

  • Managing our complete company using Microsoft products
    ... Directory, Mail Server, File Server and Print Server. ... Directory and network, while the other one has 6 peer-to-peer Windows 2000 ... We do not have a system administrator, and we do not have the resources or ... who wrote this are doing all of their project management and enterprise ...
    (microsoft.public.project)
  • Managing our complete company using Microsoft products
    ... Directory, Mail Server, File Server and Print Server. ... Directory and network, while the other one has 6 peer-to-peer Windows 2000 ... We do not have a system administrator, and we do not have the resources or ... who wrote this are doing all of their project management and enterprise ...
    (microsoft.public.office.misc)
  • Re: Where are DC signatures stored in AD ? Can then be edited using adsiedit ?
    ... These entries ARE ONLY on DC1 (server with SAM Error) and have Names of ... Name: 'Administrator' ... Our live network at the time only had one 2000 ... signature for the first DC. ...
    (microsoft.public.windows.server.active_directory)
  • Re: RDP limited but RWW just fine
    ... administrative access to the server for the purpose of server management, ... RDP client) to get to session 0. ... admin rights, 1 with poweruser, and the rest ... I use a domain administrator account to log into the server. ...
    (microsoft.public.windows.server.sbs)
  • Re: Administrator Privlidges for all
    ... admin privlidges. ... >Windows 2000 pro Server. ... >share a folder and restrict access to that folder there ... select Administrator. ...
    (microsoft.public.windowsxp.security_admin)